Inefficient Regular Expression Complexity
CVE-2024-52798
Summary
path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance: the generated regular expression is vulnerable to catastrophic backtracking. This issue affects path-to-regexp package versions through 0.1.11. Users are advised to upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296.
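The advisory gives only a version range (0.1.x through 0.1.11 affected, 0.1.12 fixed), and because path-to-regexp is usually pulled in transitively (for example by a web framework), the affected copy is often nested several levels below a project's direct dependencies. The script below is an added example, not code from the advisory or from the path-to-regexp project: it walks the `packages` map of an npm `package-lock.json` (lockfileVersion 2 or 3) and reports every installed copy of path-to-regexp inside the range this advisory names. The lockfile object, the function names and the version comparator are constructed for the example.

```javascript
// Added example (not part of the advisory): find installed copies of
// path-to-regexp in the 0.1.x line at or below 0.1.11, the range this
// advisory marks as affected, inside an npm lockfile (lockfileVersion 2/3).

// Compare two dotted numeric versions. Pre-release suffixes are dropped,
// which is sufficient for the 0.1.x release line this check targets.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// The advisory scopes this issue to the 0.1 line: versions through 0.1.11
// are affected and 0.1.12 carries the fix. Other major lines are out of
// scope for this CVE and are not flagged here.
function isAffectedVersion(version) {
  const [major, minor] = version.split('.').map(Number);
  if (major !== 0 || minor !== 1) return false;
  return compareVersions(version, '0.1.12') < 0;
}

// Walk the "packages" map of a v2/v3 lockfile. Keys are install paths such
// as "node_modules/express/node_modules/path-to-regexp", so nested copies
// installed under other dependencies are found as well as top-level ones.
function findAffectedPathToRegexp(lockfile) {
  const hits = [];
  for (const [installPath, meta] of Object.entries(lockfile.packages || {})) {
    if (!installPath.endsWith('node_modules/path-to-regexp')) continue;
    if (meta.version && isAffectedVersion(meta.version)) {
      hits.push({ path: installPath, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile (not a real project): one nested 0.1.x copy
// below the fixed version, one copy already at 0.1.12, and one 6.x copy
// that falls outside the range this advisory describes.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', version: '1.0.0' },
    'node_modules/path-to-regexp': { version: '6.3.0' },
    'node_modules/express/node_modules/path-to-regexp': { version: '0.1.10' },
    'node_modules/other/node_modules/path-to-regexp': { version: '0.1.12' },
  },
};

// In a real audit, replace SAMPLE_LOCKFILE with JSON.parse(fs.readFileSync('package-lock.json')).
for (const hit of findAffectedPathToRegexp(SAMPLE_LOCKFILE)) {
  console.log(`${hit.path}@${hit.version} is in the affected range of CVE-2024-52798; upgrade to 0.1.12`);
}
```

Only the nested 0.1.10 copy is reported for the sample; the 0.1.12 copy and the 6.x copy are left alone, which matches the version boundaries stated in the summary. Because the check keys on the install path rather than the package name of the parent, it catches copies that `npm ls` would show several levels deep.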
- LOW
- NETWORK
- NONE
- NONE
CWE-1333 - Inefficient Regular Expression Complexity
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
References
Advisory Timeline
- Published